Measuring the Root KSK Keyroll

A little over five years ago the root zone of the DNS was signed with DNSSEC for the first time. At the time the Root Zone operators promised to execute a change of key in five years time. It's now that time and we are contemplating a roll of the root key of the DNS. The problem is that we believe that there are number of resolvers who are not going to follow the implicit signalling of a new key value. So for some users, for some domain names things will go dark when this key is rolled. Is there any way to predict in advance how big a problem this will be?

Prez: Candidate synchronization

So last week I gave $10 to all the presidential campaigns, in order to watch their antics. One thing that's weird is that they often appear to act in unison, as if they are either copying each other, or are all playing from the same secret playbook.

The candidates must report their donations every quarter, according to FEC (Federal Elections Commission) rules. The next deadline is September 30th. Three days before that deadline, half the candidates sent out email asking for donations to meet this "critical" deadline. They don't say why it's critical, but only that's is some sort of critical deadline that must be met, which we can only do so with your help. The real reason why, of course, is that this information will become public, implicitly ranking the amount of support each candidate has.

Four days before this deadline, I didn't get donation pleas mentioning it. Three days before, half the candidates mentioned it. It's as if one candidate sees such an email blast, realizes it's a great idea, and send's out a similar email blast of their own.

Two days before the deadline, three of the candidates sent out animated GIFs counting down to the deadline. Continue reading

Thousands of medical devices are vulnerable to hacking, security researchers say

Next time you go for an MRI scan, remember that the doctor might not be the only one who sees your results.Thousands of medical devices, including MRI scanners, x-ray machines and drug infusion pumps, are vulnerable to hacking, creating significant health risks for patients, security researchers said this week.The risks arise partly because medical equipment is increasingly connected to the Internet so that data can be fed into electronic patient records systems, said researcher Scott Erven, who presented his findings with fellow researcher Mark Collao at the DerbyCon security conference.To read this article in full or to leave a comment, please click here

What will be hottest space research in next ten years?

With NASA spotting water flows on Mars this week, excitement abounds as to what might be the next big thing for astrobiologsts and space scientists in general.Interestingly a congressional hearing entitled “Astrobiology and the Search for Life Beyond Earth in the Next Decade” was on tap this week to take a look at what some key issues are as NASA and other space organization look toward the future.+More on Network World: NASA touts real technologies highlighted in imminent 'The Martian' flick+To read this article in full or to leave a comment, please click here

Assigning DMVPN tunnel interface addresses with DHCP

I posted previously about some of the inner workings of DHCP. The three key points from that post are critical building blocks for this discussion:
  • DHCP requests get modified in flight by the DHCP relay.
  • DHCP relay determines L2 destination by inspecting contents of relayed packets.
  • DHCP clients, relays and (sometimes) servers use raw sockets because the end-to-end protocol stack isn't yet available.
The basic steps to converting a DMVPN from static address assignment scheme to dynamic are:
  1. Configure a DHCP server. I'm using an external server1 in this example so that we can inspect the relayed packets while they're on the wire.
  2. Configure the hub router. There are some non-intuitive details we'll go over.
  3. Configure the spoke router. Ditto on the non-intuitive bits.
My DHCP server is running on an IOS router (because it's convenient - it could be anywhere) and it has the following configuration:
    1     no ip dhcp conflict logging  
    2     ip dhcp excluded-address 172.16.1.1  
    3     !  
    4     ip dhcp pool DMVPN_POOL  
    5      network 172.16.1.0 255.255.255.0

So, that's pretty straightforward.

The Hub Router has the following relevant configuration:
    1     ip dhcp support tunnel unicast  
    2     interface Tunnel0  
    3       Continue reading

Apple throws down the gauntlet with overhauled privacy policy

Apple is making it very clear how it uses your data with a revamp of its privacy policy, posted in full on the company’s website. In the process, Cupertino is also making it plain just how different it is from other tech companies.Apple affirmed its commitment to customer privacy a year ago, and Tuesday’s update covers everything new in iOS 9 and OS X El Capitan. The company isn’t just issuing platitudes about how great its privacy protections are—it dives into real detail about how its various services use and protect your data.To read this article in full or to leave a comment, please click here

A Linux botnet is launching crippling DDoS attacks at more than 150Gbps

A Linux botnet has grown so powerful that it can generate crippling distributed denial-of-service attacks at over 150 Gbps, many times greater than a typical company's infrastructure can withstand.The malware behind the botnet is known as XOR DDoS and was first identified in September last year. Attackers install it on Linux systems, including embedded devices such as WiFi routers and network-attached storage devices, by guessing SSH (Secure Shell) login credentials using brute-force attacks.The credentials are used to log into the vulnerable systems and execute shell commands that download and install the malicious program. To hide its presence, the malware also uses common rootkit techniques.To read this article in full or to leave a comment, please click here

UT Dallas researcher gets introspective about virtual machines

A University of Texas at Dallas researcher has come up with a way for virtual machines to have each others' backs in the name of better cloud network security.Dr. Zhiqiang Lin, an assistant professor of computer science at the Erik Jonsson School of Engineering and Computer Science at UT Dallas, has earned a National Science Foundation Faculty Early Career Development (CAREER) Award to support his efforts in the area of virtual machine introspection. The award includes $500,000 in funding for five years.MORE: Will containers kill virtual machines?To read this article in full or to leave a comment, please click here

Your privacy and Apple, Microsoft and Google

Within a span of a few days, two of three giants in the tech industry made changes that could directly affect your privacy; the third tried to clear up "privacy and Windows 10."Apple updates privacy policy, releases iOS security guideToday Apple published an updated privacy policy that explains, in detailed but easy-to-understand language, how it uses customers’ data. It begins with a message about Apple’s commitment to your privacy from Apple CEO Tim Cook. He promised Apple never "worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will." Apple also revealed that 94% of the government data requests it receives deal with cops trying to find stolen iPhones.To read this article in full or to leave a comment, please click here

Sponsored Post: iStreamPlanet, Close.io, Instrumental, Location Labs, Enova, Surge, Redis Labs, Jut.io, VoltDB, Datadog, SignalFx, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • As a Networking & Systems Software Engineer at iStreamPlanet you’ll be driving the design and implementation of a high-throughput video distribution system. Our cloud-based approach to video streaming requires terabytes of high-definition video routed throughout the world. You will work in a highly-collaborative, agile environment that thrives on success and eats big challenges for lunch. Please apply here.

  • As a Scalable Storage Software Engineer at iStreamPlanet you’ll be driving the design and implementation of numerous storage systems including software services, analytics and video archival. Our cloud-based approach to world-wide video streaming requires performant, scalable, and reliable storage and processing of data. You will work on small, collaborative teams to solve big problems, where you can see the impact of your work on the business. Please apply here.

  • Close.io is a *profitable* fast-growing SaaS startup looking for a Lead DevOps/Infrastructure engineer to join our ~10 person team in Palo Alto or *remotely*. Come help us improve API performance, tune our databases, tighten up security, setup autoscaling, make deployments faster and safer, scale our MongoDB/Elasticsearch/MySQL/Redis data stores, setup centralized logging, instrument our app with metric collection, set up better monitoring, etc. Learn more and apply here.

  • Location Labs is Continue reading

Bridging Between Cisco VIRL and GNS3 for L2 and Serial Support

One of the known issue for anyone preparing for a Cisco exam is that the solutions available today don’t support all the needed features.  Cisco VIRL supports L2 switching out of the box, whereas GNS3 does not.  GNS3 supports the configuration of serial interfaces on routers whereas Cisco VIRL does not.  For someone starting out in this […]

The post Bridging Between Cisco VIRL and GNS3 for L2 and Serial Support appeared first on Packet Pushers.

1 3,236 3,237 3,238 3,239 3,240 3,773